and Finite Automata
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• Automata studies (1956) 




Kleene's Regular Expressions

provide a language to program finite state automata,
or to specify the behaviour of such machines.

Program execution is represented as a string of actions
occurring sequentially while the program runs.



Operators and constants 


• p;q is sequential composition
  • execution of p is followed by execution of q

• p ∪ q is choice between p and q
  • only one of them is executed

• 1 is executed by doing nothing and making no change



The Laws of Regular Algebra 


p;(q;r) = (p;q);r          ; associates

1;p = p = p;1              1 is the unit of ;

p ∪ q = q ∪ p              ∪ commutes

p ∪ p = p                  ∪ is idempotent

p;(q ∪ r) = p;q ∪ p;r      ; distributes thru ∪ (and so does ∪),
                           and leftward as well: (q ∪ r);p = q;p ∪ r;p



Refinement Ordering ≤ (below)

• p ≤ q means every execution of p is an execution of q,
  so p is more determinate (stronger)
  and q is more abstract (weaker)

• If p is a program and r, s are specifications
  p ≤ r means p satisfies r
  r ≤ s means r implies s

• The algebra ignores the distinctions, because the proofs are
  the same for both specifications and programs

p ≤ q means p ∪ q = q



Covariance 


• Theorems:

  p;q ≤ p;(q ∪ r)
  q;p ≤ (q ∪ r);p

• Proof rule:

  p ≤ q
  ------------------------
  p;r ≤ q;r      r;p ≤ r;q

If the antecedents above the line have been proved,
so are the consequences below the line.




More proof rules for ≤

p ≤ q  &  q ≤ r
---------------        (≤ is transitive)
p ≤ r

p ≤ q  &  q ≤ p
---------------        (≤ is antisymmetric)
p = q

All the rules can be derived from the laws, by a little proof.





1. Proofs of programs 





An Axiomatic Basis for Computer 
Programming 


C.A.R. Hoare

Communications of the ACM 12(10) 1969 




The Hoare triple 

• Purpose: to prove that all possible executions of a program q 
when started after a precursor p will exhibit some desirable 
property r. 

• Definition: {p} q {r} = p;q ≤ r

• Interpretation: 

• If p (the precondition) describes what has happened so far 

• and q is now started and executed to completion, 

• then the trace of overall execution will satisfy r (the postcondition). 



Rule: Sequential composition (Hoare)

{p} q {s}  &  {s} q' {r}
------------------------
{p} q;q' {r}

It is equivalent to a weaker form of the law of associativity
p;(q;q') ≤ (p;q);q' (proof by covariance).

It is not possible from the rule to prove (q';q);p ≤ q';(q;p).




A Calculus of Communicating Systems 


A.J.R.G. Milner


Springer Lecture Notes in Computer Science 


1980 



Milner Transitions 

• Purpose: to show how an implementation can generate just 
a single execution of the program r. 

• Definition: r -q-> p = q;p ≤ r

• Interpretation: 

• r may be executed by first executing q , 

• with p as continuation for later execution. 

• (maybe there are other ways of executing r) 




Rule: Sequential composition (Milner)

r -q'-> s  &  s -q-> p
----------------------
r -q';q-> p

is equivalent to the other weak form of associativity

(q';q);p ≤ q';(q;p).

By antisymmetry of ≤, the conjunction of the Hoare inequality
with the Milner inequality gives the associative equation.
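The following trace-set model is an added example, not code from the slides: a program is a finite set of execution traces (strings of atomic actions), ';' is concatenation, '∪' is set union, 1 is the empty trace and ≤ is set inclusion. It checks the five laws, the definition of ≤ through ∪, Hoare's sequential-composition rule, and the Hoare-triple and Milner-transition definitions on constructed programs; the names seq, choice, refines, hoare, milner, seq_rule and the sample sets P, Q, S, R are mine.

```python
# Finite-trace model of the regular algebra: a program is a finite set of traces,
# each trace a string of atomic actions (added example, not from the slides).
from itertools import product

ONE = {""}                                  # 1: the empty trace, do nothing

def seq(p, q):                              # p;q: every trace of p followed by every trace of q
    return {a + b for a, b in product(p, q)}

def choice(p, q):                           # p ∪ q: either program may be the one executed
    return p | q

def refines(p, q):                          # p ≤ q: every execution of p is an execution of q
    return p <= q

def hoare(p, q, r):                         # {p} q {r}  =  p;q ≤ r
    return refines(seq(p, q), r)

def milner(r, q, p):                        # r -q-> p  =  q;p ≤ r
    return refines(seq(q, p), r)

def check_laws(p, q, r):
    """Evaluate the five laws of regular algebra, plus the definition of ≤, on concrete programs."""
    return {
        "assoc":   seq(p, seq(q, r)) == seq(seq(p, q), r),
        "unit":    seq(ONE, p) == p == seq(p, ONE),
        "comm":    choice(p, q) == choice(q, p),
        "idem":    choice(p, p) == p,
        "distrib": seq(p, choice(q, r)) == choice(seq(p, q), seq(p, r)),
        "order":   refines(p, q) == (choice(p, q) == q),
    }

def seq_rule(p, q, s, q2, r):
    """Hoare's rule: {p} q {s} & {s} q' {r} gives {p} q;q' {r} (checked only when the antecedents hold)."""
    if hoare(p, q, s) and hoare(s, q2, r):
        return hoare(p, seq(q, q2), r)
    return True                             # antecedents fail: the rule concludes nothing

# Constructed programs: a deterministic one, a non-deterministic one, and two specifications.
P = {"ab"}
Q = {"c", "cd"}
S = {"abc", "abcd"}                         # exactly the traces of P;Q
R = {"abc", "abcd", "abcde", "xyz"}         # a looser specification that P;Q also satisfies

def demo():
    """Return (laws hold, {P} Q {R}, R -P-> Q); the last two are the same inequality P;Q ≤ R."""
    return all(check_laws(P, Q, R).values()), hoare(P, Q, R), milner(R, P, Q)
```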
Concurrent Composition: p||q


• p and q start together and finish together 

• in between, they may communicate. 


• || is associative, commutative, and idempotent 

• and distributes through ∪

• and has unit 1 


• and obeys the Exchange Law ... 



The exchange law 

• Axiom: (p||q);(p'||q') ≤ (p;p')||(q;q')

• The two ';'s on the RHS of ≤ are scheduled to occur
  simultaneously, as shown by the single ; on the LHS.

• LHS is a more interleaving sequential implementation
  of the more general concurrency of RHS

• The LHS is a subset of the interleavings of the RHS



The Exchange Law 

• Axiom: (p||q);(p'||q') ≤ (p;p')||(q;q')

• Theorems (frame laws):

1. (p||q);q' ≤ p||(q;q')

2. p;(p'||q') ≤ (p;p')||q'

3. p;q' ≤ p||q' and q;p' ≤ p'||q


Proof: substitute 1 for the variable(s) of the axiom that are 
omitted in the theorem 



Interleaving example 

• Let a, b, c, d be atomic actions of a sequential program 

• written without semicolons as abcd

• Let x, y, z, w be atomic actions of another such program 

• written xyzw 

• The two programs are executed concurrently 

• the next slide shows how the Exchange Law permits an 
interleaved execution of actions from the two sequences 



Interleaving by exchange 


   abcd || xyzw
=  (a;bcd) || (xy;zw)             (assoc ;)
≥  (a||xy) ; (bcd||zw)            (exchange)
=  (a||x;y) ; (b;cd||zw)          (assoc ;)
≥  (a||x) ; y ; (b||zw) ; cd      (frame)
≥  xayzbwcd                       (comm ||, ...)

Different associations and commutations of ;
at each step will obtain all other interleavings.


and 






for concurrent composition 




Modular proof rule for || 

p;q ≤ r  &  p';q' ≤ r'
-------------------------
(p||p');(q||q') ≤ (r||r')

• Splits the proof of a complex inequality 
between concurrent programs 
into two simpler sequential proofs. 


• The proof rule is proved from the exchange law 
and the exchange law is proved from the rule 




Modularity rule implies the Exchange law 

p;q ≤ r  &  p';q' ≤ r'            (modularity rule)
-------------------------
(p||p');(q||q') ≤ r||r'

• Replace r by p;q and r' by p';q'

• The antecedents (p;q ≤ p;q and p';q' ≤ p';q')
  are now proved by reflexivity of ≤

• and the conclusion is:

  (p||p');(q||q') ≤ (p;q)||(p';q')

  which is the exchange law




Exchange law implies Modularity rule 

• Assume the antecedents of the rule: p;q ≤ r and p';q' ≤ r'

• (p;q)||(p';q') ≤ (r||r')             (covariance of || twice)

• (p||p');(q||q') ≤ (p;q)||(p';q')     (exchange law)

• So (p||p');(q||q') ≤ (r||r')         (by transitivity of ≤)

• Therefore the modularity rule holds:

  p;q ≤ r  &  p';q' ≤ r'
  -------------------------
  (p||p');(q||q') ≤ r||r'
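An added example, not the slides' own code, of the exchange law, the three frame laws, the interleaving of abcd with xyzw, and the modularity rule, all checked in a trace-set model where p||q is the set of interleavings (shuffles) of the traces of p and q; shuffle, par, exchange_law, frame_laws, modularity_rule, interleavings and the sample sets A, X, B, Y are my names and constructed inputs.

```python
# Interleaving model of concurrent composition: a program is a set of traces,
# p||q runs p and q together, interleaving their actions (added example).
from functools import lru_cache
from itertools import product

ONE = {""}                                  # 1: the empty trace

def seq(p, q):                              # p;q
    return {a + b for a, b in product(p, q)}

def refines(p, q):                          # p ≤ q: every execution of p is one of q
    return p <= q

@lru_cache(maxsize=None)
def shuffle(s, t):
    """All interleavings of traces s and t; each keeps its own action order."""
    if not s or not t:
        return frozenset({s + t})
    return frozenset({s[0] + u for u in shuffle(s[1:], t)}
                     | {t[0] + u for u in shuffle(s, t[1:])})

def par(p, q):                              # p||q: start together, finish together
    return {u for a, b in product(p, q) for u in shuffle(a, b)}

def exchange_law(p, q, p2, q2):             # (p||q);(p'||q') ≤ (p;p')||(q;q')
    return refines(seq(par(p, q), par(p2, q2)), par(seq(p, p2), seq(q, q2)))

def frame_laws(p, q, p2, q2):
    """Frame laws 1-3: the exchange law with 1 substituted for the omitted variables."""
    return (refines(seq(par(p, q), q2), par(p, seq(q, q2))),        # (p||q);q' ≤ p||(q;q')
            refines(seq(p, par(p2, q2)), par(seq(p, p2), q2)),      # p;(p'||q') ≤ (p;p')||q'
            refines(seq(p, q2), par(p, q2))
            and refines(seq(q, p2), par(p2, q)))                    # p;q' ≤ p||q', q;p' ≤ p'||q

def modularity_rule(p, q, r, p2, q2, r2):
    """p;q ≤ r & p';q' ≤ r'  implies  (p||p');(q||q') ≤ r||r'."""
    if not (refines(seq(p, q), r) and refines(seq(p2, q2), r2)):
        return True                         # antecedents fail: nothing to prove
    return refines(seq(par(p, p2), par(q, q2)), par(r, r2))

def interleavings(s, t):                    # all runs of two sequential programs side by side
    return par({s}, {t})

# Constructed instance of the exchange law: (a||x);(b||y) has only 4 of the 6 interleavings of ab||xy
A, X, B, Y = {"a"}, {"x"}, {"b"}, {"y"}
LHS = seq(par(A, X), par(B, Y))
RHS = par(seq(A, B), seq(X, Y))
```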




Separation Logic (O'Hearn):

{p} q {r}  &  {p'} q' {r'}
--------------------------
{p||p'} q||q' {r||r'}

Operational Semantics (Milner's CCS):

r -q-> p  &  r' -q'-> p'
--------------------------
(r||r') -(q||q')-> (p||p')

Modularity rule:

p;q ≤ r  &  p';q' ≤ r'
--------------------------
(p||p');(q||q') ≤ (r||r')

are all equivalent to the Exchange axiom







Summary: Concurrent Composition 
Languages






In Praise of Algebra 




Algebraic Laws 


• are taught to schoolchildren 

• appreciated by mathematicians 

• used by engineers 

• and by software tools 

• optimisers, compilers, 

• program verifiers, generators and analysers, 

• test case generators, displays, and diagnostic aids 

• They play a central role in unification of theories 



Anybody against? 




